From 01eb1583858fbb07adbf6eb96cd45feb94be0436 Mon Sep 17 00:00:00 2001
From: Jeremy Rose <172423086+nornagon-openai@users.noreply.github.com>
Date: Fri, 10 Oct 2025 13:43:44 -0700
Subject: [PATCH] Fixes #5011: Document bearer_token_env_var for streamable
 HTTP

---
 docs/config.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/docs/config.md b/docs/config.md
index fba8a3a21d..40240bed81 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -370,9 +370,11 @@ API_KEY = "value"
 experimental_use_rmcp_client = true
 [mcp_servers.figma]
 url = "https://mcp.linear.app/mcp"
-# Optional bearer token to be passed into an `Authorization: Bearer <token>` header
-# Use this with caution because the token is in plaintext and can be read by Codex itself.
-bearer_token = "<token>"
+# Optional: set `bearer_token_env_var` to the name of an environment variable whose
+# value should be passed into an `Authorization: Bearer <token>` header.
+# Export the environment variable before launching Codex so the MCP client can read it.
+# (Inline `bearer_token` values are no longer supported.)
+bearer_token_env_var = "FIGMA_MCP_TOKEN"
 ```
 
 For oauth login, you must enable `experimental_use_rmcp_client = true` and then run `codex mcp login server_name`